Job Description
Director of Internal IT Audit
Location: Barcelona (Sant Cugat)
Sector: Banking / Financial Services
Area: Internal Audit – Technology Risk, Cybersecurity & Data
Role Mission
Define and lead the strategy, planning, and execution of the Internal IT Audit function, ensuring solid and forward-looking coverage of technology risks, cybersecurity, digital transformation, outsourcing, resilience, and data governance in a highly regulated and complex environment.
The role has a transversal scope and high visibility, with direct interaction with Senior Management, Deputy General Management, the Audit Committee, and supervisory authorities.
Key Responsibilities
- Define the strategy, objectives, and annual audit plan for Internal IT and Data Audit, aligned with the Group framework and applicable regulation.
- Lead audit activities covering:
  - IT risk governance and management
  - Cybersecurity
  - Change management and technological transformation
  - Outsourcing and third-party risk
  - Technological resilience
  - Data governance and data quality
- Provide strategic insight and anticipation of emerging technology risks (regulatory, technological, and data-related).
- Coordinate and support international subsidiary audit teams.
- Manage and optimize internal and external human and material resources.
- Lead, develop, and motivate a team of 5 to 10/11 professionals (auditors and supervisors).
- Ensure clear, solid, and credible communication of audit results to senior management.
- Prepare periodic reporting for Executive Management and the Audit and Control Committee.
- Ensure effective follow-up of audit action plans.
Required Profile
- Senior professional with at least 12 years of experience, preferably in banking or financial services consulting.
- Strong knowledge of:
  - Internal Audit within the 3rd Line of Defense (3LoD)
  - Technology risk management
  - Cybersecurity
  - Data governance and data quality
- Proven experience in regulated environments, with direct interaction with supervisors.
- Ability to lead technical teams with both operational and strategic vision.
- High personal credibility and influence at executive level.
- Highly structured, assertive, and consistent communication skills, both written and verbal.
Education & Knowledge
- University degree in a technical field (Engineering, Computer Science, or similar).
- Strong knowledge of applicable regulations and frameworks:
  - EBA Guidelines
  - BCBS 239
  - DORA
  - AI Act
- Solid understanding of data governance and data quality best practices.
Certifications (Highly Valued)
CISA, CISM, CRISC, CGEIT, AAIA, ITIL, ISO 27001, Cybersecurity-related certifications.
CDMP (DAMA International) will be a plus.
Languages
- Spanish: native or bilingual
- English: high level, full professional fluency required